Fortinet FortiPortal weak security | CVE-2021-36171
NAME
Fortinet FortiPortal weak security
- Platforms Affected:
Fortinet FortiPortal 6.0.5
Fortinet FortiPortal 5.3.6
Fortinet FortiPortal 5.2.6
Fortinet FortiPortal 5.1.2
Fortinet FortiPortal 5.0.3
Fortinet FortiPortal 4.1.2
Fortinet FortiPortal 4.0.4
Fortinet FortiPortal 4.2.4
- Risk Level:
8.1
- Exploitability:
Unproven
- Consequences:
Obtain Information
DESCRIPTION
Fortinet FortiPortal could provide weaker than expected security, caused by the use of a cryptographically weak pseudo-random number generator in the password reset feature. An attacker could exploit this vulnerability to predict parts of or the whole newly generated password within a given time frame.
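The weakness class described above, as an added illustration that is not FortiPortal's code (the advisory does not disclose the implementation). It assumes a hypothetical reset routine that seeds a non-cryptographic PRNG from a timestamp and contrasts it with a CSPRNG-based routine; the function names, alphabet and password length are assumptions.

```python
import math
import random
import secrets
import string

# Assumed parameters for illustration only (not taken from the advisory).
ALPHABET = string.ascii_letters + string.digits
LENGTH = 12


def weak_reset_password(seed: int, length: int = LENGTH) -> str:
    """Weak pattern: Mersenne Twister seeded from a guessable value
    such as the request timestamp. Output is a pure function of the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_reset_password(length: int = LENGTH) -> str:
    """Hardened pattern: every character drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = LENGTH) -> float:
    """Entropy the password appears to have from its length and alphabet."""
    return length * math.log2(len(ALPHABET))


def effective_bits_time_seeded(window_seconds: int, ticks_per_second: int) -> float:
    """Upper bound on real entropy when the only secret is a timestamp seed
    known to fall inside a window of the given size."""
    return math.log2(window_seconds * ticks_per_second)


if __name__ == "__main__":
    seed = 1_700_000_000_000  # constructed sample timestamp (ms)
    same = weak_reset_password(seed) == weak_reset_password(seed)
    print("same seed, same password:", same)
    print("nominal bits: %.1f" % nominal_bits())
    print("effective bits (60 s window, ms clock): %.1f"
          % effective_bits_time_seeded(60, 1000))
    print("CSPRNG sample:", strong_reset_password())
```

The gap between the nominal and effective figures is why a password that looks long and random can still be weak when its generator is not cryptographically secure.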
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: High
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to FortiGuard Advisory FG-IR-21-099 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.fortiguard.com/psirt/FG-IR-21-099
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36171